1.1 This Policy of the Service-Integrator Limited Liability Company (hereinafter referred to as the Operator) establishing personal data processing (hereinafter referred to as the Policy) has been developed in compliance with the requirements of Clause 2, Part 1, Article 18.1 of Federal Law No.152-FZ dated July 27,2006 “On Personal Data” (hereinafter referred to as the Personal Data Law) in order to ensure protection of human and civil rights and freedoms in personal data processing, including protection of the rights to privacy, personal and family secrets.
1.2 All Operator employees shall follow provisions of this Policy.
1.3 This Policy applies to the relationships in personal data processing created with the Operator both before and after approval of this Policy.
In compliance with the requirements of Part 2 Article 18.1 of the Personal Data Law, this Policy is
published on the Internet in free access, on the
Service-Integrator corporate web portal.
Personal data - any information related directly or indirectly to a specific or identifiable individual (personal data subject).
Operator - state body, municipal body, legal entity or individual, who independently or jointly with other persons arranges and (or) processes personal data, and determines purposes of personal data processing, composition of personal data to be processed, actions (operations) performed with personal data.
Personal data processing - any action (operation) or set of actions (operations) performed with personal data with or without automation tools, including personal data collection, recording, systematization, accumulation, storage, clarification (update, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction.
Automated processing of personal data - personal data processing with the help of computer technology.
Distribution of personal data - actions aimed to disclose personal data to an indefinite set of people.
Provision of personal data - actions aimed to disclose personal data to a certain person or a certain set of people.
Blocking of personal data - temporary termination of personal data processing (except cases when processing is necessary to clarify personal data).
Destruction of personal data - actions resulting in impossibility to restore personal data content in the personal data information system and (or) resulting in the destruction of material media with personal data.
Depersonalization of personal data - actions resulting in impossibility, without additional information, to determine personal data identity and it belonging to a specific personal data subject.
Cookie - small text file that the web server places on the hard disk of the user's computer.
3.1 Legal basis for personal data processing is a set of regulatory legal acts, pursuant to which and in accordance with which the Operator processes personal data, including:
- Constitution of the Russian Federation;
- Civil Code of the Russian Federation;
- Labor Code of the Russian Federation;
- Federal Law No.152-FZ dated July 27, 2006 “On Personal Data”;
- Other regulatory legal acts governing relationships associated with Operator's activities.
4.1 Operator has the right to:
4.1.1 Independently determine composition and set of measures necessary and sufficient to ensure fulfillment of obligations established by the Personal Data Law and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Personal Data Law or other federal laws;
4.1.2 Delegate personal data processing to another party with the consent of personal data subject, unless otherwise provided by the federal law, on the basis of an agreement concluded with this party. Party processing personal data on behalf of the Operator is obliged to comply with principles and rules of personal data processing established by the Personal Data Law;
4.1.3 If personal data subject withdraws consent to personal data processing, the Operator has the right to continue personal data processing without consent of the personal data subject provided grounds specified in the Personal Data Law.
4.2 Operator is obliged to:
4.2.1 Arrange personal data processing in accordance with the requirements of the Personal Data Law;
4.2.2 Respond to requests from personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Law;
4.2.3 Arrange recording, systematization, accumulation, storage, clarification (update, modification), extraction of personal data using databases located on the territory of the Russian Federation, except for cases established by the law;
4.2.4 Report required information to the authorized body for protection of rights of personal data subjects (Federal Service for Supervision of Communications, Information Technology and Mass Communications (Roskomnadzor)) at the request of this body.
4.3 Basic rights of the personal data subject:
4.3.1 Receive information concerning processing of their personal data, except in cases provided for by federal laws. Operator provides information to the personal data subject in an accessible form, and it should not contain personal data related to other personal data subjects, except if there are legitimate grounds for disclosure of such personal data. List of information and procedure for its obtainment are established by the Personal Data Law;
4.3.2 Require the Operator to clarify their personal data, block or destroy them if personal data is incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing, as well as take measures provided by law to protect their rights;
4.3.3 Appeal to Roskomnadzor or in court against illegal actions or omission of the Operator during processing of their personal data.
Operator has right to process obtained personal data of subjects in various categories in accordance with the provisions of this Policy to pursue following goals:
5.1 Creating a personal account on the website:
5.1.1 Category of subjects: site users.
5.1.2 List of processed personal data: Full name, phone number, email address.
5.1.3 Operator may transfer personal data (provision and access) to the following parties: Operator employees, authorized bodies in accordance with the legislation of the Russian Federation.
5.2 For marketing and other research:
5.2.1 Category of subjects: site users.
5.2.2 List of processed personal data: Full name, phone number, email address.
5.2.3 Operator may transfer personal data (provision and access) to the following parties: Operator employees, authorized bodies in accordance with the legislation of the Russian Federation.
5.3 For feedback:
5.3.1 Category of subjects: site users.
5.3.2 List of processed personal data: Full name, phone number, email address.
5.3.3 Operator may transfer personal data (provision and access) to the following parties: Operator employees, authorized bodies in accordance with the legislation of the Russian Federation.
5.4 Providing Users with access to the services, information and/or materials contained on the website:
5.4.1 Category of subjects: site users.
5.4.2 List of processed personal data: Full name, phone number, email address.
5.4.3 Operator may transfer personal data (provision and access) to the following parties: Operator employees, authorized bodies in accordance with the legislation of the Russian Federation.
5.5 Attracting and selecting candidates to work with the Operator:
5.5.1 Category of subjects: applicants.
5.5.2 List of processed personal data: Full name, phone number, email address, driver's license category, city.
5.5.3 Operator may transfer personal data (provision and access) to the following parties: Operator employees, authorized bodies in accordance with the legislation of the Russian Federation.
Operator will process personal data with the consent of the personal data subjects. Personal data subject consents to Operator processing their personal data, as well as transfer of their personal data to third parties, by putting an appropriate mark (check mark) on the filled-in page of the Website, and whenever the Policy is updated. Performing these actions and putting a check mark means that subject acknowledges terms of the Policy and accepts them in full, as well as provides Operator with consent to process their personal data in the manner and on the terms specified in the Policy. Before putting down a check mark, Personal Data Subject must acknowledge terms of this Policy, make sure that all conditions are clear, and that they are ready to accept them in full. If Personal Data Subject does not agree with the terms of this Policy, they may not perform the actions specified in this paragraph and stop performing any activities on the Website. Provision of personal data through the Website means unconditional and full consent of the person providing personal data with the terms of this Policy, and also a confirmation from the Personal Data Subject that they are over 18 years.
By agreeing to this Policy, Website Visitor consents to Operator performing following actions related to personal data processing: collection, recording, systematization, accumulation, storage, clarification (update, modification), extraction, use, transfer (provision and access), blocking, deletion, destruction of personal data. When performing actions with personal data specified in this paragraph, Operator will ensure implementation of the principle for personal data localization, i.e. Operator should perform all actions specified in this paragraph using databases located in the Russian Federation, except for cases expressly provided for by the current personal data legislation of the Russian Federation.
By agreeing to this Policy, personal data subject consents to Operator automatically processing their personal data.
Operator will store personal data in a form that allows determination of personal data subject, no longer than required by each purpose of personal data processing, unless storage period for personal data is established by federal law, contract.
Operator will cease personal data processing in following cases:
- Goal of processing personal data has been achieved;
- Fact of illegal personal data processing has been revealed – within three working days from the date of reveal;
- Consent of personal data subject for the processing of specified data has expired or withdrawn if, according to the Personal Data Law, processing of this data is allowed only with consent.
Upon achievement of purpose of personal data processing, as well as in the case of consent withdrawal by the personal data subject, Operator will cease to processing this data if:
- Contract, party, beneficiary or the guarantor of which is the personal data subject, does not provide otherwise;
- Operator is not entitled to process without consent of the personal data subject on the grounds established by the Personal Data Law or other federal laws;
- Another agreement between Operator and personal data subject does not provide otherwise.
When a personal data subject demands from the Operator to cease personal data processing not later than 10 working days from the date when Operator receives relevant request, personal data processing will be ceased, except in cases established by the Personal Data Law. Specified period may be extended, but not more than five working days. For this, Operator must send justified notification to the personal data subject indicating reasons for the extension of this period.
Personal data is destroyed by erasing personal data from the Operator's servers.
By providing consent to the processing of their personal data, personal data subjects are considered to properly acknowledge and agree, inter alia, with following provisions regarding personal data processing:
- Operator's Website is not intended for persons under the age of 18, and therefore Operator requires that persons under the age of 18 do not provide their personal data through the Website. If Operator discovers that minors have provided their personal data through the Website, Operator has right to destroy such personal data;
Operator takes necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, distribution and other unauthorized actions, including:
- Identifying threats to security of personal data during their processing;
- Adopting local regulations and other documents governing relations in the field of personal data processing and protection;
- Appointing persons responsible for ensuring security of personal data in the structural divisions and information systems of the Operator;
- Creating necessary conditions for working with personal data;
- Arranging tracking of documents containing personal data;
- Arranging work with information systems where personal data is processed;
- Storing personal data in conditions that ensure safety and exclude unauthorized access;
- Arranging training of the Operator's employees who process personal data;
- Using anti-virus protection tools for software and hardware complexes;
- Ensuring compliance of software tools used with the requirements of control and supervisory authorities, taking preventive measures to identify threats to personal data security;
- And implementing other measures based on the requirements of regulatory legal acts.
10.1 Cookie - small text file that the web server places on the hard disk of the user's
computer. Cookies can be either “session” or “persistent”. Operator uses session cookies to assign a
unique identification number to the user's computer every time they visit the website, which are
deleted after the browser is closed. Such files are also used to analyze user's work with the
website (navigation of the pages, links used and time spent by the user on a particular page are
Operator's web server recognizes persistent cookies that are stored on the hard drives of users' computers, and assigns unique identifiers to users' devices. Operator may create a database on actions and preferences of website visitors (in particular, about frequency of visits and frequency of user return, about their preferences on the website, as well as effectiveness of the company's promotion activities). It is important that cookies do not contain personal data of users, they only record their actions.
Session cookies do not require prior consent of users; persistent cookies require such consent.
This Policy is published on the Website https://s-int.ru/en/. Personal data subject may at any time to review this Policy posted on the above resource.
This Policy is approved and put into effect in accordance with the Operator's Charter and is valid until its cancellation.
Operator has right to modify (supplement) this Policy at any time at its sole discretion, bringing such modifications (supplements) to the public by posting updated Policy on the Website. Personal data subjects undertake to independently monitor Policy changes. Continued use of the Website after amended version of the Policy comes into effect means full and unconditional acceptance of the amended Policy. In case of disagreement with the changes, personal data subject must stop using the Website.